...
```java
// Fails for supplementary or combining characters: isLetter(char) sees
// each UTF-16 unit on its own, so a surrogate half is "not a letter" and a
// combining mark is split from the base letter it belongs to
public static String trim_bad1(String string) {
  char ch;
  int i;
  for (i = 0; i < string.length(); i += 1) {
    ch = string.charAt(i);
    if (!Character.isLetter(ch)) {
      break;
    }
  }
  return string.substring(i);
}
```
...
```java
// Fails for combining characters: advancing by code point handles
// supplementary characters, but a base letter followed by a combining
// mark is still cut apart, leaving a dangling mark at the front
public static String trim_bad2(String string) {
  int ch;
  int i;
  for (i = 0; i < string.length(); i += Character.charCount(ch)) {
    ch = string.codePointAt(i);
    if (!Character.isLetter(ch)) {
      break;
    }
  }
  return string.substring(i);
}
```
...
```java
import java.text.BreakIterator;

public static String trim_good(String string) {
  BreakIterator iter = BreakIterator.getCharacterInstance();
  iter.setText(string);
  int i = iter.first();
  // Walk the string by user-perceived characters (grapheme clusters), so a
  // supplementary character or a base letter plus its combining marks is
  // never split; stop before reading past the end of the string
  for (; i != BreakIterator.DONE && i < string.length(); i = iter.next()) {
    int ch = string.codePointAt(i);
    if (!Character.isLetter(ch)) {
      break;
    }
  }
  if (i == BreakIterator.DONE) {
    // first or last text boundary has been reached
    return "";
  } else {
    return string.substring(i);
  }
}
```
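The following harness is an added example, not part of the CERT page: it runs a char-based scan and a BreakIterator-based scan side by side on constructed inputs (a supplementary letter U+1D400 and a decomposed "e" + U+0301) to show exactly where the noncompliant approach splits a character. The method names trimChars and trimGraphemes are this example's own.

```java
import java.text.BreakIterator;

public class TrimDemo {
    // Scan over UTF-16 chars (the noncompliant approach): stops at the first
    // char that is not a letter, so a surrogate half or a combining mark ends it
    static String trimChars(String s) {
        int i = 0;
        while (i < s.length() && Character.isLetter(s.charAt(i))) {
            i++;
        }
        return s.substring(i);
    }

    // Scan over user-perceived characters (grapheme clusters): a supplementary
    // letter or a base letter plus its combining marks is removed as one unit
    static String trimGraphemes(String s) {
        BreakIterator iter = BreakIterator.getCharacterInstance();
        iter.setText(s);
        int i = iter.first();
        while (i != BreakIterator.DONE && i < s.length()
               && Character.isLetter(s.codePointAt(i))) {
            i = iter.next();
        }
        return (i == BreakIterator.DONE) ? "" : s.substring(i);
    }

    static void check(String label, String actual, String expected) {
        if (!actual.equals(expected)) {
            throw new AssertionError(label + ": got <" + actual
                                     + ">, expected <" + expected + ">");
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: MATHEMATICAL BOLD CAPITAL A (U+1D400, two chars)
        // and LATIN SMALL LETTER E followed by COMBINING ACUTE ACCENT (U+0301)
        String supplementary = "\uD835\uDC00-b";
        String combining = "e\u0301-x";

        // char scan treats U+D835 as a non-letter and strips nothing
        check("char/supplementary", trimChars(supplementary), supplementary);
        // grapheme scan removes the whole two-char letter
        check("grapheme/supplementary", trimGraphemes(supplementary), "-b");
        // char scan cuts between 'e' and its accent, leaving a dangling mark
        check("char/combining", trimChars(combining), "\u0301-x");
        // grapheme scan keeps e + U+0301 together and removes both
        check("grapheme/combining", trimGraphemes(combining), "-x");
        // all letters: everything is stripped without reading past the end
        check("grapheme/all-letters", trimGraphemes("abc"), "");
        System.out.println("all checks passed");
    }
}
```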
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[API 06] Classes Character and BreakIterator
[Hornig 07] Problem areas: Characters
...